New phishing scam: spoofed campaign sites

Loyal democrats targetted

By Grant Gross, IDG News Service | 04 August 04

Phishing fraudsters have found another group of victims to target – people who want to donate to political campaigns.

Late Sunday, SurfControl PLC, a web and email filtering software vendor based in Congleton, Cheshire, noticed two apparent scams targeting people wishing to donate money to John Kerry's US presidential campaign. Email with the subject line, "President John Kerry, please vote and contribute," directed recipients to two websites, one registered in India and the other in Texas.

Phishing scams – stealing credit card numbers and other personal information by using spam e-mail to direct people to spoofed websites – have been around for years, but this is the first political phishing scam SurfControl has observed, said Susan Larson, vice president of global content at SurfControl.

This latest scam doesn't appear to have a political motivation, just an economic one. The scam email appeared within days of the end of the Democratic National Convention in Boston.

Phishing scammers can use current events to support their claims, Larson said. "They want people to think they have to do this now," she added. "That's typical of the way they get the best hit."

Both sites were designed to look like Kerry's official campaign site, johnkerry.com, Larson said. "It was a very legitimate looking-e-mail," Larson noted.

Neither of the apparently spoofed sites was still operating as of late Tuesday, which along with the odd registration locations, led SurfControl to conclude the sites were not legitimate, Larson said.